66b723e4037dae30a4fc387207b5e411466db71a6cb8c19d8499157ee8b4f76e

Analysis

max time kernel
9s
max time network
124s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09/07/2024, 02:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
Size

377KB
MD5

2ec1a494ca2a2b7c439569e6658e2f45
SHA1

a76e8784f250db262f23af4950828a963b300cd9
SHA256

66b723e4037dae30a4fc387207b5e411466db71a6cb8c19d8499157ee8b4f76e
SHA512

24a39ef195c4e22a62b9589d106bbb35cf16fe2666994586f02f59edbddec964de4cc160a3ed0f8f549da11ab16d5e5494d7c20c0b7109ce8a0585abe9c323d1
SSDEEP

6144:6kSAIWHYXqq+vxiCrrZxSlj0KwQWJxXs5MWeKXf10w1X8f5x10TK1+cRMXYrXg1W:eATHYZyxZrZSjFwf3s/Xf2wG0zVXIA/e

Score

8^/10

persistence

Malware Config

Signatures

Adds policy Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	blcrckthk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Explorer Options = "win"	blcrckthk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	ejexfgpikz.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Explorer Options = "win"	ejexfgpikz.exe

Executes dropped EXE 64 IoCs

pid	Process
3052	blcrckthk.exe
2956	ejexfgpikz.exe
2820	fdokovkvw.exe
2784	ndenzjftvi.exe
2536	leuqkhr.exe
2532	nbhwnex.exe
1924	lcxzysiki.exe
944	wajcezwlfew.exe
1004	wiffkxkl.exe
2252	bbpiqmcr.exe
1704	wgxeyibuhv.exe
2304	fslbmxug.exe
2184	alwoscmve.exe
1632	ktshyjawsg.exe
1296	gyadgfzp.exe
2952	qwmgmmnpd.exe
2368	olezuubkdx.exe
2072	mbucvim.exe
1224	uyizjxoez.exe
1952	soycjlamohf.exe
1496	zppfujvunww.exe
1976	ybtbionfao.exe
2356	dunoodfvaz.exe
2484	ynxrusxbake.exe
2932	iltuzql.exe
2908	dedhffdh.exe
2380	gixqdvnxkj.exe
992	wnsydrv.exe
1768	jfjnrrkyavh.exe
1180	mzdwzrud.exe
1720	kzuzzgflwa.exe
2832	psemfvxrwb.exe
2456	njupqji.exe
1540	amyzojsf.exe
820	ydobzhdnhl.exe
2972	twypfmvthwo.exe
2112	ypiclbnjxhn.exe
2236	biclsbyo.exe
1416	wbwoygquu.exe
2124	jvqxwgqjrg.exe
1944	hvgkhel.exe
2784	zhvxika.exe
2532	hhlatyvd.exe
756	fybdtxgluv.exe
2904	ibvnbnq.exe
1180	nkfahci.exe
2148	qojjpbimp.exe
1548	lhtmvgbsff.exe
564	txjzwfmaeth.exe
3068	oqtcbue.exe
1708	rkxljkowr.exe
1496	wdiypzgbr.exe
1780	udybaxrkpag.exe
2568	hxslynb.exe
2480	zigyjtq.exe
2880	aqsboaedbh.exe
2168	kcqkrhlqau.exe
1460	fvaxxwewawj.exe
3048	fhyhanl.exe
2912	nioubbgs.exe
2504	oumdosnfmb.exe
2784	mucgpqy.exe
1704	gnntuvq.exe
2168	uhhccvayy.exe

Loads dropped DLL 64 IoCs

pid	Process
2868	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2868	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1888	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1888	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1932	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1932	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2716	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2716	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2596	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2596	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2528	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2528	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1860	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1860	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1396	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1396	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
608	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
608	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2416	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2416	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2464	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2464	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2012	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2012	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1988	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1988	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2176	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2176	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1928	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1928	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
948	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
948	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1196	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1196	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1476	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1476	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
268	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
268	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1424	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1424	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
872	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
872	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2564	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2564	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1948	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1948	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
3012	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
3012	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2676	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2676	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2740	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2740	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2500	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2500	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2956	ejexfgpikz.exe
2956	ejexfgpikz.exe
1608	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1608	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2224	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
2224	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1624	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1624	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1600	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
1600	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Java Virtual Machine = "wingtsv.exe"	blcrckthk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Java Virtual Machine = "wingtsv.exe"	ejexfgpikz.exe

Modifies WinLogon 2 TTPs 6 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Windows startup = "explorer.exe"	ejexfgpikz.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Windows startup = "explorer.exe wingtsv.exe"	ejexfgpikz.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\System Startup = "wingtsv.exe"	ejexfgpikz.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Windows startup = "explorer.exe"	blcrckthk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Windows startup = "explorer.exe wingtsv.exe"	blcrckthk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\System Startup = "wingtsv.exe"	blcrckthk.exe

Drops file in System32 directory 16 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\ntvdc.exe	blcrckthk.exe
File created	C:\Windows\SysWOW64\fsdutil.exe	blcrckthk.exe
File opened for modification	C:\Windows\SysWOW64\wingtsv.exe	ejexfgpikz.exe
File opened for modification	C:\Windows\SysWOW64\ntvdc.exe	ejexfgpikz.exe
File created	C:\Windows\SysWOW64\wingtsv.exe	ejexfgpikz.exe
File opened for modification	C:\Windows\SysWOW64\fsdutil.exe	blcrckthk.exe
File created	C:\Windows\SysWOW64\wnsydrv.exe	ejexfgpikz.exe
File opened for modification	C:\Windows\SysWOW64\fsdutil.exe	ejexfgpikz.exe
File created	C:\Windows\SysWOW64\ntvdc.exe	ejexfgpikz.exe
File opened for modification	C:\Windows\SysWOW64\wnsydrv.exe	blcrckthk.exe
File created	C:\Windows\SysWOW64\wnsydrv.exe	blcrckthk.exe
File opened for modification	C:\Windows\SysWOW64\wingtsv.exe	blcrckthk.exe
File created	C:\Windows\SysWOW64\wingtsv.exe	blcrckthk.exe
File created	C:\Windows\SysWOW64\ntvdc.exe	blcrckthk.exe
File opened for modification	C:\Windows\SysWOW64\wnsydrv.exe	ejexfgpikz.exe
File created	C:\Windows\SysWOW64\fsdutil.exe	ejexfgpikz.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 1888	2868	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	30
PID 2868 wrote to memory of 1888	2868	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	30
PID 2868 wrote to memory of 1888	2868	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	30
PID 2868 wrote to memory of 1888	2868	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	30
PID 2868 wrote to memory of 3052	2868	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	31
PID 2868 wrote to memory of 3052	2868	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	31
PID 2868 wrote to memory of 3052	2868	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	31
PID 2868 wrote to memory of 3052	2868	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	31
PID 1888 wrote to memory of 1932	1888	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	32
PID 1888 wrote to memory of 1932	1888	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	32
PID 1888 wrote to memory of 1932	1888	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	32
PID 1888 wrote to memory of 1932	1888	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	32
PID 1888 wrote to memory of 2956	1888	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	33
PID 1888 wrote to memory of 2956	1888	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	33
PID 1888 wrote to memory of 2956	1888	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	33
PID 1888 wrote to memory of 2956	1888	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	33
PID 1932 wrote to memory of 2716	1932	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	34
PID 1932 wrote to memory of 2716	1932	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	34
PID 1932 wrote to memory of 2716	1932	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	34
PID 1932 wrote to memory of 2716	1932	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	34
PID 1932 wrote to memory of 2820	1932	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	35
PID 1932 wrote to memory of 2820	1932	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	35
PID 1932 wrote to memory of 2820	1932	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	35
PID 1932 wrote to memory of 2820	1932	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	35
PID 2716 wrote to memory of 2596	2716	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	36
PID 2716 wrote to memory of 2596	2716	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	36
PID 2716 wrote to memory of 2596	2716	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	36
PID 2716 wrote to memory of 2596	2716	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	36
PID 2716 wrote to memory of 2784	2716	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	152
PID 2716 wrote to memory of 2784	2716	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	152
PID 2716 wrote to memory of 2784	2716	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	152
PID 2716 wrote to memory of 2784	2716	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	152
PID 2596 wrote to memory of 2528	2596	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	38
PID 2596 wrote to memory of 2528	2596	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	38
PID 2596 wrote to memory of 2528	2596	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	38
PID 2596 wrote to memory of 2528	2596	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	38
PID 2596 wrote to memory of 2536	2596	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	113
PID 2596 wrote to memory of 2536	2596	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	113
PID 2596 wrote to memory of 2536	2596	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	113
PID 2596 wrote to memory of 2536	2596	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	113
PID 2528 wrote to memory of 1860	2528	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	40
PID 2528 wrote to memory of 1860	2528	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	40
PID 2528 wrote to memory of 1860	2528	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	40
PID 2528 wrote to memory of 1860	2528	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	40
PID 2528 wrote to memory of 2532	2528	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	168
PID 2528 wrote to memory of 2532	2528	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	168
PID 2528 wrote to memory of 2532	2528	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	168
PID 2528 wrote to memory of 2532	2528	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	168
PID 1860 wrote to memory of 1396	1860	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	42
PID 1860 wrote to memory of 1396	1860	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	42
PID 1860 wrote to memory of 1396	1860	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	42
PID 1860 wrote to memory of 1396	1860	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	42
PID 1860 wrote to memory of 1924	1860	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	43
PID 1860 wrote to memory of 1924	1860	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	43
PID 1860 wrote to memory of 1924	1860	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	43
PID 1860 wrote to memory of 1924	1860	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	43
PID 1396 wrote to memory of 608	1396	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	44
PID 1396 wrote to memory of 608	1396	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	44
PID 1396 wrote to memory of 608	1396	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	44
PID 1396 wrote to memory of 608	1396	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	44
PID 1396 wrote to memory of 944	1396	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	45
PID 1396 wrote to memory of 944	1396	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	45
PID 1396 wrote to memory of 944	1396	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	45
PID 1396 wrote to memory of 944	1396	2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe	45

C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1888
- - C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
    3⤵
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
      "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
      4⤵
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        5⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        6⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        7⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        8⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        9⤵
        Loads dropped DLL
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        10⤵
        Loads dropped DLL
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        11⤵
        Loads dropped DLL
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        12⤵
        Loads dropped DLL
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        13⤵
        Loads dropped DLL
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        14⤵
        Loads dropped DLL
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        15⤵
        Loads dropped DLL
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        16⤵
        Loads dropped DLL
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        17⤵
        Loads dropped DLL
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        18⤵
        Loads dropped DLL
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        19⤵
        Loads dropped DLL
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        20⤵
        Loads dropped DLL
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        21⤵
        Loads dropped DLL
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        22⤵
        Loads dropped DLL
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        23⤵
        Loads dropped DLL
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        24⤵
        Loads dropped DLL
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        25⤵
        Loads dropped DLL
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        26⤵
        Loads dropped DLL
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        27⤵
        Loads dropped DLL
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        28⤵
        Loads dropped DLL
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        29⤵
        Loads dropped DLL
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        30⤵
        Loads dropped DLL
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        31⤵
        Loads dropped DLL
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        32⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        33⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        34⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        35⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        36⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        37⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        38⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        39⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        40⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        41⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        42⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        43⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        44⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        45⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        46⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        47⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        48⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        49⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        50⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        51⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        52⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        53⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        54⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        55⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        56⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        57⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        58⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        59⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        60⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        61⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        62⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        63⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        64⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        65⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        66⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        67⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        68⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        69⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        70⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        71⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        72⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        73⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        74⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        75⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        76⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        77⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        78⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        79⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        80⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        81⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        82⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        83⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        84⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        85⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        86⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        87⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        88⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        89⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        90⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        91⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        92⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        93⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        94⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        95⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        96⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        97⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        98⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        99⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        100⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        101⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        102⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        103⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        104⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        105⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        106⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        107⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        108⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        109⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        110⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        111⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        112⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        113⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        114⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        115⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        116⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        117⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        118⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        119⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        120⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        121⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        122⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        123⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        124⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        125⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        126⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        127⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        128⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        129⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        130⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        131⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        132⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        133⤵
        
        PID:4160
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        134⤵
        
        PID:4216
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        135⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        136⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        137⤵
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        138⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        139⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        140⤵
        
        PID:4540
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        141⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        142⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        143⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        144⤵
        
        PID:4768
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        145⤵
        
        PID:4816
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        146⤵
        
        PID:4876
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        147⤵
        
        PID:4932
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        148⤵
        
        PID:4988
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        149⤵
        
        PID:5044
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        150⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        151⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        152⤵
        
        PID:4200
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        153⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        154⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        155⤵
        
        PID:4444
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        156⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        157⤵
        
        PID:4604
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        158⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        159⤵
        
        PID:4772
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        160⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        161⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        162⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        163⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        164⤵
        
        PID:4132
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        165⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        166⤵
        
        PID:4472
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        167⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        168⤵
        
        PID:4624
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        169⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        170⤵
        
        PID:4888
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        171⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        172⤵
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        173⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        174⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        175⤵
        
        PID:4912
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        176⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        177⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        178⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        179⤵
        
        PID:5072
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        180⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        181⤵
        
        PID:4752
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        182⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        183⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        184⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        185⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        186⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        187⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        188⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        189⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        190⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        191⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        192⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        193⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        194⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        195⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        196⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        197⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        198⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        199⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        200⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        201⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        202⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        203⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        204⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        205⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        206⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        207⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        208⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        209⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        210⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        211⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        212⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        213⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        214⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        215⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        216⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        217⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        218⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        219⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        220⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        221⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        222⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        223⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        224⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        225⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        226⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        227⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        228⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        229⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        230⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        231⤵
        
        PID:5524
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        232⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        233⤵
        
        PID:5852
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        234⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        235⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        236⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        237⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        238⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        239⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        240⤵
        
        PID:6216
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        241⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        242⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        243⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        244⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        245⤵
        
        PID:6492
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        246⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        247⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        248⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        249⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        250⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        251⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        252⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        253⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        254⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        255⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        256⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        257⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        258⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        259⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        260⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        261⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        262⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        263⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        264⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        265⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        266⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        267⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        268⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        269⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        270⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        271⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        272⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        273⤵
        
        PID:6540
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        274⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        275⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        276⤵
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        277⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        278⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        279⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        280⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        281⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        282⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        283⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        284⤵
        
        PID:6240
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        285⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        286⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        287⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        288⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        289⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        290⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        291⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        292⤵
        
        PID:7072
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        293⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        294⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        295⤵
        
        PID:7200
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        296⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        297⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        298⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        299⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        300⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        301⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        302⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        303⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        304⤵
        
        PID:7700
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        305⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        306⤵
        
        PID:7812
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        307⤵
        
        PID:7864
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        308⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        309⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        310⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        311⤵
        
        PID:8092
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        312⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        313⤵
        
        PID:7184
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        314⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        315⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        316⤵
        
        PID:7372
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        317⤵
        
        PID:7504
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        318⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        319⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        320⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        321⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        322⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        323⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        324⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        325⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        326⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        327⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        328⤵
        
        PID:7568
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        329⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        330⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        331⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        332⤵
        
        PID:8056
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        333⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        334⤵
        
        PID:7328
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        335⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        336⤵
        
        PID:7800
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        337⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        338⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        339⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        340⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        341⤵
        
        PID:7728
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        342⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        343⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        344⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        345⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        346⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        347⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        348⤵
        
        PID:8224
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        349⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        350⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        351⤵
        
        PID:8392
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        352⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        353⤵
        
        PID:8508
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        354⤵
        
        PID:8556
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        355⤵
        
        PID:8612
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        356⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        357⤵
        
        PID:8724
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        358⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        359⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        360⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        361⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        362⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        363⤵
        
        PID:9064
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        364⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        365⤵
        
        PID:9176
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        366⤵
        
        PID:8200
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        367⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        368⤵
        
        PID:8356
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        369⤵
        
        PID:8432
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        370⤵
        
        PID:8528
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        371⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        372⤵
        
        PID:8676
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        373⤵
        
        PID:8728
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        374⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        375⤵
        
        PID:8960
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        376⤵
        
        PID:9044
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        377⤵
        
        PID:9144
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        378⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        379⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        380⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        381⤵
        
        PID:8480
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        382⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        383⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        384⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        385⤵
        
        PID:9020
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        386⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        387⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        388⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        389⤵
        
        PID:8520
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        390⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        391⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        392⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        393⤵
        
        PID:8288
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        394⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        395⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        396⤵
        
        PID:8540
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        397⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        398⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        399⤵
        
        PID:9092
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        400⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        401⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        402⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        403⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        404⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        405⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        406⤵
        
        PID:9492
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        407⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        408⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        409⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        410⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        411⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        412⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        413⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        414⤵
        
        PID:9912
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        415⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        416⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        417⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        418⤵
        
        PID:10128
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        419⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        420⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        421⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        422⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        423⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        424⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        425⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        426⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        427⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        428⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        429⤵
        
        PID:9896
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        430⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        431⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        432⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        433⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        434⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        435⤵
        
        PID:9412
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        436⤵
        
        PID:9532
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        437⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        438⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        439⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        440⤵
        
        PID:9952
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        441⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        442⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        443⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        444⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        445⤵
        
        PID:9608
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        446⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        447⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        448⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        449⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        450⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        451⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        452⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        453⤵
        
        PID:10200
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        454⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        455⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        456⤵
        
        PID:10272
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        457⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        458⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        459⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        460⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        461⤵
        
        PID:10572
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        462⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        463⤵
        
        PID:10696
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        464⤵
        
        PID:10760
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        465⤵
        
        PID:10824
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        466⤵
        
        PID:10884
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        467⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        468⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        469⤵
        
        PID:11068
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        470⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        471⤵
        
        PID:11196
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        472⤵
        
        PID:11260
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        473⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        474⤵
        
        PID:10392
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        475⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        476⤵
        
        PID:10600
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        477⤵
        
        PID:10724
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        478⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        479⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        480⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        481⤵
        
        PID:11180
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        482⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        483⤵
        
        PID:10368
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        484⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        485⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        486⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        487⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        488⤵
        
        PID:11200
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        489⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        490⤵
        
        PID:10728
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        491⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        492⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        493⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        494⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        495⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        496⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        497⤵
        
        PID:11412
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        498⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        499⤵
        
        PID:11540
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        500⤵
        
        PID:11608
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        501⤵
        
        PID:11676
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        502⤵
        
        PID:11736
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        503⤵
        
        PID:11792
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        504⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        505⤵
        
        PID:11924
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        506⤵
        
        PID:11988
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        507⤵
        
        PID:12048
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        508⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        509⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        510⤵
        
        PID:12244
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        511⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2ec1a494ca2a2b7c439569e6658e2f45_JaffaCakes118.exe"
        512⤵
        
        PID:11296
        
        C:\Users\Admin\AppData\Local\Temp\lskaxxru.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lskaxxru.exe"
        512⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\yzqrzxh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\yzqrzxh.exe"
        511⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\ayaeojwhbf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ayaeojwhbf.exe"
        510⤵
        
        PID:12264
        
        C:\Users\Admin\AppData\Local\Temp\cyjbnkby.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cyjbnkby.exe"
        509⤵
        
        PID:12200
        
        C:\Users\Admin\AppData\Local\Temp\uxtydwq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\uxtydwq.exe"
        508⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\zojlxhyknbq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zojlxhyknbq.exe"
        507⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\rotiwjdmpx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rotiwjdmpx.exe"
        506⤵
        
        PID:12020
        
        C:\Users\Admin\AppData\Local\Temp\oupzotdx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\oupzotdx.exe"
        505⤵
        
        PID:11956
        
        C:\Users\Admin\AppData\Local\Temp\tbfmiel.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tbfmiel.exe"
        504⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\lbpjxgpjdqz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lbpjxgpjdqz.exe"
        503⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\qifgrbxddf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qifgrbxddf.exe"
        502⤵
        
        PID:11760
        
        C:\Users\Admin\AppData\Local\Temp\trptrcmvo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\trptrcmvo.exe"
        501⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\lryqgern.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lryqgern.exe"
        500⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\kjmnahdmsv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kjmnahdmsv.exe"
        499⤵
        
        PID:11576
        
        C:\Users\Admin\AppData\Local\Temp\fqskuslgck.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fqskuslgck.exe"
        498⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\cwybmclb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cwybmclb.exe"
        497⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\hdoognt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hdoognt.exe"
        496⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\ukkejnjgilc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ukkejnjgilc.exe"
        495⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\wjubyzxxt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wjubyzxxt.exe"
        494⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\eyqoxtiks.exe
        
        "C:\Users\Admin\AppData\Local\Temp\eyqoxtiks.exe"
        493⤵
        
        PID:11124
        
        C:\Users\Admin\AppData\Local\Temp\umsvucbxt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\umsvucbxt.exe"
        492⤵
        
        PID:11188
        
        C:\Users\Admin\AppData\Local\Temp\tewsefnwwud.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tewsefnwwud.exe"
        491⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\ssiicogjh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ssiicogjh.exe"
        490⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\vngpegsyh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vngpegsyh.exe"
        489⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\nrbdqba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nrbdqba.exe"
        488⤵
        
        PID:11232
        
        C:\Users\Admin\AppData\Local\Temp\sihqkminucd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\sihqkminucd.exe"
        487⤵
        
        PID:11236
        
        C:\Users\Admin\AppData\Local\Temp\npxcexqhube.exe
        
        "C:\Users\Admin\AppData\Local\Temp\npxcexqhube.exe"
        486⤵
        
        PID:11016
        
        C:\Users\Admin\AppData\Local\Temp\ndztbhjuvn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ndztbhjuvn.exe"
        485⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\jzfkdry.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jzfkdry.exe"
        484⤵
        
        PID:10544
        
        C:\Users\Admin\AppData\Local\Temp\horxsljb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\horxsljb.exe"
        483⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\hqfunnvakra.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hqfunnvakra.exe"
        482⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\guhkkxonl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\guhkkxonl.exe"
        481⤵
        
        PID:11204
        
        C:\Users\Admin\AppData\Local\Temp\blxxeiwxl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\blxxeiwxl.exe"
        480⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\yhtowim.exe
        
        "C:\Users\Admin\AppData\Local\Temp\yhtowim.exe"
        479⤵
        
        PID:10948
        
        C:\Users\Admin\AppData\Local\Temp\gwobvmx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gwobvmx.exe"
        478⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\tckrnmnzzxk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tckrnmnzzxk.exe"
        477⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\afivkproj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\afivkproj.exe"
        476⤵
        
        PID:10576
        
        C:\Users\Admin\AppData\Local\Temp\cesizbf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cesizbf.exe"
        475⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\plyzrbvknqx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\plyzrbvknqx.exe"
        474⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\usewlmdunf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\usewlmdunf.exe"
        473⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\rykmnwtp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rykmnwtp.exe"
        472⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\mfazhhlz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mfazhhlz.exe"
        471⤵
        
        PID:11224
        
        C:\Users\Admin\AppData\Local\Temp\lxewckxzdv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lxewckxzdv.exe"
        470⤵
        
        PID:11164
        
        C:\Users\Admin\AppData\Local\Temp\goutwvftdk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\goutwvftdk.exe"
        469⤵
        
        PID:11100
        
        C:\Users\Admin\AppData\Local\Temp\ggxqgnrs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ggxqgnrs.exe"
        468⤵
        
        PID:11040
        
        C:\Users\Admin\AppData\Local\Temp\lnndaiz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lnndaiz.exe"
        467⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\gudqutg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gudqutg.exe"
        466⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\dbzhxtwrca.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dbzhxtwrca.exe"
        465⤵
        
        PID:10840
        
        C:\Users\Admin\AppData\Local\Temp\vajemfljd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vajemfljd.exe"
        464⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\ahzbgqtd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ahzbgqtd.exe"
        463⤵
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\crjofsyvpwf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\crjofsyvpwf.exe"
        462⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\rjxvzukvs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rjxvzukvs.exe"
        461⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\wqditfsp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wqditfsp.exe"
        460⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\txjzmpsjumn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\txjzmpsjumn.exe"
        459⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\rlumbkt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rlumbkt.exe"
        458⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\tkejalioeq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tkejalioeq.exe"
        457⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\qrkzsvxy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qrkzsvxy.exe"
        456⤵
        
        PID:10288
        
        C:\Users\Admin\AppData\Local\Temp\lyammgfs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lyammgfs.exe"
        455⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\nxkjliuktup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nxkjliuktup.exe"
        454⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\kegaeskfv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kegaeskfv.exe"
        453⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\flwnydczv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\flwnydczv.exe"
        452⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\hugknfh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hugknfh.exe"
        451⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\hyibkyadial.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hyibkyadial.exe"
        450⤵
        
        PID:9960
        
        C:\Users\Admin\AppData\Local\Temp\zisojapvjw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zisojapvjw.exe"
        449⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\ephldlxpj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ephldlxpj.exe"
        448⤵
        
        PID:9300
        
        C:\Users\Admin\AppData\Local\Temp\worysxbh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\worysxbh.exe"
        447⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\tvxovxbcxpe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tvxovxbcxpe.exe"
        446⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\vvhlkyguz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vvhlkyguz.exe"
        445⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\tjtyjdrgit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tjtyjdrgit.exe"
        444⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\qpzpbdhb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qpzpbdhb.exe"
        443⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\xsnsnglakaa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xsnsnglakaa.exe"
        442⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\kotjqqbknk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kotjqqbknk.exe"
        441⤵
        
        PID:10116
        
        C:\Users\Admin\AppData\Local\Temp\mydgfsqm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mydgfsqm.exe"
        440⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\hfttznyw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hfttznyw.exe"
        439⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\emokrnorbno.exe
        
        "C:\Users\Admin\AppData\Local\Temp\emokrnorbno.exe"
        438⤵
        
        PID:9820
        
        C:\Users\Admin\AppData\Local\Temp\glyhqpcjc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\glyhqpcjc.exe"
        437⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\bsoukkkdm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bsoukkkdm.exe"
        436⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\gzehevsx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gzehevsx.exe"
        435⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\dfaxxvihpwp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dfaxxvihpwp.exe"
        434⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\vfuuwhxjbi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vfuuwhxjbi.exe"
        433⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\amahqsftb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\amahqsftb.exe"
        432⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\xtgiisf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xtgiisf.exe"
        431⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\psqvxdkgfly.exe
        
        "C:\Users\Admin\AppData\Local\Temp\psqvxdkgfly.exe"
        430⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\scasxfzyqx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\scasxfzyqx.exe"
        429⤵
        
        PID:9844
        
        C:\Users\Admin\AppData\Local\Temp\xipfrqgsq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xipfrqgsq.exe"
        428⤵
        
        PID:9860
        
        C:\Users\Admin\AppData\Local\Temp\pizcgclk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pizcgclk.exe"
        427⤵
        
        PID:9788
        
        C:\Users\Admin\AppData\Local\Temp\uppzant.exe
        
        "C:\Users\Admin\AppData\Local\Temp\uppzant.exe"
        426⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\mozmzziwdio.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mozmzziwdio.exe"
        425⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\jvvdrzyqg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jvvdrzyqg.exe"
        424⤵
        
        PID:9512
        
        C:\Users\Admin\AppData\Local\Temp\ijxtpir.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ijxtpir.exe"
        423⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\bjrqeug.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bjrqeug.exe"
        422⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\gpxdyfopsyk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gpxdyfopsyk.exe"
        421⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\izhaxgthu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\izhaxgthu.exe"
        420⤵
        
        PID:8348
        
        C:\Users\Admin\AppData\Local\Temp\dgxnrbbbe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dgxnrbbbe.exe"
        419⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\accejba.exe
        
        "C:\Users\Admin\AppData\Local\Temp\accejba.exe"
        418⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\zrevhltiie.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zrevhltiie.exe"
        417⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\xfqiffelhgy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xfqiffelhgy.exe"
        416⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\ulwyypufj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ulwyypufj.exe"
        415⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\coksusye.exe
        
        "C:\Users\Admin\AppData\Local\Temp\coksusye.exe"
        414⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\ouqimsozwxq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ouqimsozwxq.exe"
        413⤵
        
        PID:9888
        
        C:\Users\Admin\AppData\Local\Temp\ozszjmhmxt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ozszjmhmxt.exe"
        412⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\wnomygsygl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wnomygsygl.exe"
        411⤵
        
        PID:9780
        
        C:\Users\Admin\AppData\Local\Temp\ttkcbgij.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ttkcbgij.exe"
        410⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\iimjyzb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\iimjyzb.exe"
        409⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\nocgskjqkfr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nocgskjqkfr.exe"
        408⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\pomdhmxhv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pomdhmxhv.exe"
        407⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\lvbqbhfcwq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lvbqbhfcwq.exe"
        406⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\hbxhthv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hbxhthv.exe"
        405⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\hqjxqqojavn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hqjxqqojavn.exe"
        404⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\cwpkkbwtako.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cwpkkbwtako.exe"
        403⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\bpdhfeit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bpdhfeit.exe"
        402⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\wvtuzpqn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wvtuzpqn.exe"
        401⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\wjvlwij.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wjvlwij.exe"
        400⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\bqlyqtrkydo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bqlyqtrkydo.exe"
        399⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\yxhostrea.exe
        
        "C:\Users\Admin\AppData\Local\Temp\yxhostrea.exe"
        398⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\texlmeyya.exe
        
        "C:\Users\Admin\AppData\Local\Temp\texlmeyya.exe"
        397⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\sszsaxr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\sszsaxr.exe"
        396⤵
        
        PID:8816
        
        C:\Users\Admin\AppData\Local\Temp\yzopuiz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\yzopuiz.exe"
        395⤵
        
        PID:9212
        
        C:\Users\Admin\AppData\Local\Temp\nnqvrssiniy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nnqvrssiniy.exe"
        394⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\nrsmollvpe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nrsmollvpe.exe"
        393⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\siiziwtpp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\siiziwtpp.exe"
        392⤵
        
        PID:8316
        
        C:\Users\Admin\AppData\Local\Temp\smkqffmc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\smkqffmc.exe"
        391⤵
        
        PID:9048
        
        C:\Users\Admin\AppData\Local\Temp\hamwcof.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hamwcof.exe"
        390⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\mhctwjnjbby.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mhctwjnjbby.exe"
        389⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\joikpjnte.exe
        
        "C:\Users\Admin\AppData\Local\Temp\joikpjnte.exe"
        388⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\hcuxoeogdm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hcuxoeogdm.exe"
        387⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\guiuigz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\guiuigz.exe"
        386⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\lbohcrhzpjz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lbohcrhzpjz.exe"
        385⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\bpqxzaamrgf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bpqxzaamrgf.exe"
        384⤵
        
        PID:8984
        
        C:\Users\Admin\AppData\Local\Temp\ywworkaht.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ywworkaht.exe"
        383⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\gkhbqfbjc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gkhbqfbjc.exe"
        382⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\fythoou.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fythoou.exe"
        381⤵
        
        PID:8580
        
        C:\Users\Admin\AppData\Local\Temp\svpygouqgwo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\svpygouqgwo.exe"
        380⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\xlfvajclgl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xlfvajclgl.exe"
        379⤵
        
        PID:8304
        
        C:\Users\Admin\AppData\Local\Temp\plpsplhcs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\plpsplhcs.exe"
        378⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\pprzmuap.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pprzmuap.exe"
        377⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\ughwgpi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ughwgpi.exe"
        376⤵
        
        PID:9076
        
        C:\Users\Admin\AppData\Local\Temp\ukjcdybwuec.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ukjcdybwuec.exe"
        375⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\przpyjigetd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\przpyjigetd.exe"
        374⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\lyfgatib.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lyfgatib.exe"
        373⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\qeldueq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qeldueq.exe"
        372⤵
        
        PID:8740
        
        C:\Users\Admin\AppData\Local\Temp\dlqtmegfkuy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dlqtmegfkuy.exe"
        371⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\flarbqvhv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\flarbqvhv.exe"
        370⤵
        
        PID:8532
        
        C:\Users\Admin\AppData\Local\Temp\kbqdvbdr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kbqdvbdr.exe"
        369⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\giwqqmlmv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\giwqqmlmv.exe"
        368⤵
        
        PID:8384
        
        C:\Users\Admin\AppData\Local\Temp\fmihnve.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fmihnve.exe"
        367⤵
        
        PID:8312
        
        C:\Users\Admin\AppData\Local\Temp\cteypfetzz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cteypfetzz.exe"
        366⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\xauljqmdjo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xauljqmdjo.exe"
        365⤵
        
        PID:9196
        
        C:\Users\Admin\AppData\Local\Temp\zjeiycqv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zjeiycqv.exe"
        364⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\equvsny.exe
        
        "C:\Users\Admin\AppData\Local\Temp\equvsny.exe"
        363⤵
        
        PID:9088
        
        C:\Users\Admin\AppData\Local\Temp\wqesrpnhwka.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wqesrpnhwka.exe"
        362⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\txaikzdbz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\txaikzdbz.exe"
        361⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\ydpfeklw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ydpfeklw.exe"
        360⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\qdzstma.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qdzstma.exe"
        359⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\nkfjvwqinx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nkfjvwqinx.exe"
        358⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\fjpgkxfao.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fjpgkxfao.exe"
        357⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\kqftfinu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kqftfinu.exe"
        356⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\nzpqeur.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nzpqeur.exe"
        355⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\igvnyfz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\igvnyfz.exe"
        354⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\enbeqfzqc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\enbeqfzqc.exe"
        353⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\gnlrfre.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gnlrfre.exe"
        352⤵
        
        PID:8468
        
        C:\Users\Admin\AppData\Local\Temp\zmuoett.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zmuoett.exe"
        351⤵
        
        PID:8420
        
        C:\Users\Admin\AppData\Local\Temp\etklzebupoe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\etklzebupoe.exe"
        350⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\wcuyopqwbj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wcuyopqwbj.exe"
        349⤵
        
        PID:8296
        
        C:\Users\Admin\AppData\Local\Temp\ycevnrvo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ycevnrvo.exe"
        348⤵
        
        PID:8240
        
        C:\Users\Admin\AppData\Local\Temp\aboscdkgdhr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aboscdkgdhr.exe"
        347⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\sbyprfoifs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\sbyprfoifs.exe"
        346⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\piegufos.exe
        
        "C:\Users\Admin\AppData\Local\Temp\piegufos.exe"
        345⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\nkszgsir.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nkszgsir.exe"
        344⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\kryqisimutt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kryqisimutt.exe"
        343⤵
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\pxoncnqgei.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pxoncnqgei.exe"
        342⤵
        
        PID:8124
        
        C:\Users\Admin\AppData\Local\Temp\ketawyyqex.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ketawyyqex.exe"
        341⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\medxladi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\medxladi.exe"
        340⤵
        
        PID:7680
        
        C:\Users\Admin\AppData\Local\Temp\jljnekddict.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jljnekddict.exe"
        339⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\bktadmiuun.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bktadmiuun.exe"
        338⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\grjxxxppu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\grjxxxppu.exe"
        337⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\dyfophp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dyfophp.exe"
        336⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\yevbjsx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\yevbjsx.exe"
        335⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\dllyddfnhjl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dllyddfnhjl.exe"
        334⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\vvvlcpufiv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vvvlcpufiv.exe"
        333⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\ssbcvpka.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ssbcvpka.exe"
        332⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\xigzpas.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xigzpas.exe"
        331⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\jfmphkiexm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jfmphkiexm.exe"
        330⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\rhajdnmex.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rhajdnmex.exe"
        329⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\oogzvxm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\oogzvxm.exe"
        328⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\jvwwpit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jvwwpit.exe"
        327⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\inaukbfsn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\inaukbfsn.exe"
        326⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\qlwgjvgum.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qlwgjvgum.exe"
        325⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\disxbfgp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\disxbfgp.exe"
        324⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\ipikvqo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ipikvqo.exe"
        323⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\hdkbszhwan.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hdkbszhwan.exe"
        322⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\xrmhpsaibj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xrmhpsaibj.exe"
        321⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\zrvefufa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zrvefufa.exe"
        320⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\exlrzfn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\exlrzfn.exe"
        319⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\rstyozgsqz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rstyozgsqz.exe"
        318⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\tsdvnaku.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tsdvnaku.exe"
        317⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\rubpzoot.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rubpzoot.exe"
        316⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\nrxgcoedes.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nrxgcoedes.exe"
        315⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\sincwzmyf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\sincwzmyf.exe"
        314⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\khxqllbp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\khxqllbp.exe"
        313⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\qonmfwjk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qonmfwjk.exe"
        312⤵
        
        PID:8176
        
        C:\Users\Admin\AppData\Local\Temp\cvidhgzetbr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cvidhgzetbr.exe"
        311⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\eusawhowe.exe
        
        "C:\Users\Admin\AppData\Local\Temp\eusawhowe.exe"
        310⤵
        
        PID:8052
        
        C:\Users\Admin\AppData\Local\Temp\kbinrsvge.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kbinrsvge.exe"
        309⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\wioejcl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wioejcl.exe"
        308⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\ewarixw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ewarixw.exe"
        307⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\eoeocpinsf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\eoeocpinsf.exe"
        306⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\zfubwkqhsu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zfubwkqhsu.exe"
        305⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\vcarokq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vcarokq.exe"
        304⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\ajqoivylfcs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ajqoivylfcs.exe"
        303⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\tsalyhddgoc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tsalyhddgoc.exe"
        302⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\ppwcahdy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ppwcahdy.exe"
        301⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\uglpusl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\uglpusl.exe"
        300⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\nfvmjep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nfvmjep.exe"
        299⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\smlzdpxuugd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\smlzdpxuugd.exe"
        298⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\othqgpxo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\othqgpxo.exe"
        297⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\jaxdakfj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jaxdakfj.exe"
        296⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\ggdtskvdkyx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ggdtskvdkyx.exe"
        295⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\lnjqmvdnkm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lnjqmvdnkm.exe"
        294⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\bbvxjowalj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bbvxjowalj.exe"
        293⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\gibudzeul.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gibudzeul.exe"
        292⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\iilrsbt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\iilrsbt.exe"
        291⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\vorivljgzce.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vorivljgzce.exe"
        290⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\crobhomgz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\crobhomgz.exe"
        289⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\pnksjocq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pnksjocq.exe"
        288⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\uuafdju.exe
        
        "C:\Users\Admin\AppData\Local\Temp\uuafdju.exe"
        287⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\uwemncgkph.exe
        
        "C:\Users\Admin\AppData\Local\Temp\uwemncgkph.exe"
        286⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\pduzhxoezw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pduzhxoezw.exe"
        285⤵
        
        PID:6608
        
        C:\Users\Admin\AppData\Local\Temp\orwpfghr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\orwpfghr.exe"
        284⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\qrgceimjces.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qrgceimjces.exe"
        283⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\jqqztubbdac.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jqqztubbdac.exe"
        282⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\lqaxsvgco.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lqaxsvgco.exe"
        281⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\dztuhxuu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dztuhxuu.exe"
        280⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\igzgbsc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\igzgbsc.exe"
        279⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\hynewloec.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hynewloec.exe"
        278⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\zyxblwtg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zyxblwtg.exe"
        277⤵
        
        PID:7116
        
        C:\Users\Admin\AppData\Local\Temp\epnofhb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\epnofhb.exe"
        276⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\xoxlejq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xoxlejq.exe"
        275⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\zohitvvkrn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zohitvvkrn.exe"
        274⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\bnrftxkc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bnrftxkc.exe"
        273⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\txbsiiy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\txbsiiy.exe"
        272⤵
        
        PID:6420
        
        C:\Users\Admin\AppData\Local\Temp\tbcifsrqfgn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tbcifsrqfgn.exe"
        271⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\lkmfutwigs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lkmfutwigs.exe"
        270⤵
        
        PID:6148
        
        C:\Users\Admin\AppData\Local\Temp\qrcsoeesg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qrcsoeesg.exe"
        269⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\sqmpnqt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\sqmpnqt.exe"
        268⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\kqwndsymtob.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kqwndsymtob.exe"
        267⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\hxcdfcygw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hxcdfcygw.exe"
        266⤵
        
        PID:6900
        
        C:\Users\Admin\AppData\Local\Temp\meiqzngr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\meiqzngr.exe"
        265⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\csuhmwzd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\csuhmwzd.exe"
        264⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\ereuliefieh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ereuliefieh.exe"
        263⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\jykrftlpit.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jykrftlpit.exe"
        262⤵
        
        PID:6496
        
        C:\Users\Admin\AppData\Local\Temp\wfqhytlkl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wfqhytlkl.exe"
        261⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\bmfusote.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bmfusote.exe"
        260⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\ysbluojpyud.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ysbluojpyud.exe"
        259⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\qslijqyqzg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qslijqyqzg.exe"
        258⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\vzbvdlgbj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vzbvdlgbj.exe"
        257⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\xilssnl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xilssnl.exe"
        256⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\spbfnyt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\spbfnyt.exe"
        255⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\pwxwpithnp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pwxwpithnp.exe"
        254⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\udntjtbrx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\udntjtbrx.exe"
        253⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\hztjbtqm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hztjbtqm.exe"
        252⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\jjdgaefebsn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jjdgaefebsn.exe"
        251⤵
        
        PID:6852
        
        C:\Users\Admin\AppData\Local\Temp\eqstupnylho.exe
        
        "C:\Users\Admin\AppData\Local\Temp\eqstupnylho.exe"
        250⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\gpcqkrcqn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gpcqkrcqn.exe"
        249⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\gdexhkvc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gdexhkvc.exe"
        248⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\aywbyfwjqab.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aywbyfwjqab.exe"
        247⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\ffmxsaeeap.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ffmxsaeeap.exe"
        246⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Temp\cmiokauo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cmiokauo.exe"
        245⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\xtybelci.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xtybelci.exe"
        244⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\xxascuu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xxascuu.exe"
        243⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\coqfwpcfoip.exe
        
        "C:\Users\Admin\AppData\Local\Temp\coqfwpcfoip.exe"
        242⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\pkmvopcaqs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pkmvopcaqs.exe"
        241⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\ruvsnrhb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ruvsnrhb.exe"
        240⤵
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\jtppccw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jtppccw.exe"
        239⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\oavcwneddoy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\oavcwneddoy.exe"
        238⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\lhbtzxuyg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lhbtzxuyg.exe"
        237⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\lvxdntkc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lvxdntkc.exe"
        236⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\kxlaxwwctd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kxlaxwwctd.exe"
        235⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\abnhufopuq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\abnhufopuq.exe"
        234⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\fideoqgje.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fideoqgje.exe"
        233⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\ekhbjtiihxr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ekhbjtiihxr.exe"
        232⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\zrwodeachmt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zrwodeachmt.exe"
        231⤵
        
        PID:5640
        
        C:\Users\Admin\AppData\Local\Temp\wxsefeqnj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wxsefeqnj.exe"
        230⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\beibzzyh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\beibzzyh.exe"
        229⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\wlyotkgr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wlyotkgr.exe"
        228⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\ylilimvtvut.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ylilimvtvut.exe"
        227⤵
        
        PID:5744
        
        C:\Users\Admin\AppData\Local\Temp\vrocbwloy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vrocbwloy.exe"
        226⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\qyupvhsyi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qyupvhsyi.exe"
        225⤵
        
        PID:5348
        
        C:\Users\Admin\AppData\Local\Temp\nfagxhs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nfagxhs.exe"
        224⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\smqdrcackkp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\smqdrcackkp.exe"
        223⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\iasjoltpmhl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\iasjoltpmhl.exe"
        222⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\kzcgdnyrx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kzcgdnyrx.exe"
        221⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\pgrtxigb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pgrtxigb.exe"
        220⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\cnnkqig.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cnnkqig.exe"
        219⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\hudhktoqkpm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hudhktoqkpm.exe"
        218⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\jtnujetil.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jtnujetil.exe"
        217⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\zhpkgomun.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zhpkgomun.exe"
        216⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\eofxazup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\eofxazup.exe"
        215⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\tqjfubfozff.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tqjfubfozff.exe"
        214⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\yxzrpmxyzu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\yxzrpmxyzu.exe"
        213⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\axjpeocq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\axjpeocq.exe"
        212⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\swtctar.exe
        
        "C:\Users\Admin\AppData\Local\Temp\swtctar.exe"
        211⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\pdysvahnpk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pdysvahnpk.exe"
        210⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\ukopplpxp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ukopplpxp.exe"
        209⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\mjymewep.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mjymewep.exe"
        208⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\raezzhm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\raezzhm.exe"
        207⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\oxkqbrcddd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\oxkqbrcddd.exe"
        206⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\joadvcjnds.exe
        
        "C:\Users\Admin\AppData\Local\Temp\joadvcjnds.exe"
        205⤵
        
        PID:5352
        
        C:\Users\Admin\AppData\Local\Temp\gkwuncji.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gkwuncji.exe"
        204⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\lrmqhxr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lrmqhxr.exe"
        203⤵
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\dbwewzwurlq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dbwewzwurlq.exe"
        202⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\iimaqkeora.exe
        
        "C:\Users\Admin\AppData\Local\Temp\iimaqkeora.exe"
        201⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\voirtueze.exe
        
        "C:\Users\Admin\AppData\Local\Temp\voirtueze.exe"
        200⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\avxenfmt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\avxenfmt.exe"
        199⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\cvhbchrlfur.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cvhbchrlfur.exe"
        198⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\pbnsurrfin.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pbnsurrfin.exe"
        197⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\xqzftlssrf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xqzftlssrf.exe"
        196⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\weblqvke.exe
        
        "C:\Users\Admin\AppData\Local\Temp\weblqvke.exe"
        195⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\tahcjvkzvuz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tahcjvkzvuz.exe"
        194⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\rptpizv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rptpizv.exe"
        193⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\ovzfazlwwg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ovzfazlwwg.exe"
        192⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\ojbwxieih.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ojbwxieih.exe"
        191⤵
        
        PID:5516
        
        C:\Users\Admin\AppData\Local\Temp\jqrjrdmdi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jqrjrdmdi.exe"
        190⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\oxhgloun.exe
        
        "C:\Users\Admin\AppData\Local\Temp\oxhgloun.exe"
        189⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\qxqdkqjptro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qxqdkqjptro.exe"
        188⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\ddmudazzwk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ddmudazzwk.exe"
        187⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\ikchxlhtw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ikchxlhtw.exe"
        186⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\hyenuua.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hyenuua.exe"
        185⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\zyokjgoyihu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zyokjgoyihu.exe"
        184⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\zmabgphlku.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zmabgphlku.exe"
        183⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\etgoaapfk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\etgoaapfk.exe"
        182⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\ehiexjis.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ehiexjis.exe"
        181⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\wgcbxvn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wgcbxvn.exe"
        180⤵
        
        PID:4316
        
        C:\Users\Admin\AppData\Local\Temp\ygmomxcbym.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ygmomxcbym.exe"
        179⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\txslgikwyb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\txslgikwyb.exe"
        178⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\qtxcysaq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qtxcysaq.exe"
        177⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\sthpxupimgr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\sthpxupimgr.exe"
        176⤵
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\nkxmrpxcmvs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nkxmrpxcmvs.exe"
        175⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\pjhjhqbun.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pjhjhqbun.exe"
        174⤵
        
        PID:4824
        
        C:\Users\Admin\AppData\Local\Temp\mqdajqb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mqdajqb.exe"
        173⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\kibtvef.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kibtvef.exe"
        172⤵
        
        PID:4204
        
        C:\Users\Admin\AppData\Local\Temp\gphknevyd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gphknevyd.exe"
        171⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\odtxmyglc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\odtxmyglc.exe"
        170⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\bkzneiwf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bkzneiwf.exe"
        169⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\grfazte.exe
        
        "C:\Users\Admin\AppData\Local\Temp\grfazte.exe"
        168⤵
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\dxlrbtekrq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dxlrbtekrq.exe"
        167⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\bmweqofwqsp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bmweqofwqsp.exe"
        166⤵
        
        PID:4496
        
        C:\Users\Admin\AppData\Local\Temp\dlgbpztob.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dlgbpztob.exe"
        165⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\dzssmjmb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dzssmjmb.exe"
        164⤵
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\srwpwlyafji.exe
        
        "C:\Users\Admin\AppData\Local\Temp\srwpwlyafji.exe"
        163⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\sfyfuurngf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\sfyfuurngf.exe"
        162⤵
        
        PID:5080
        
        C:\Users\Admin\AppData\Local\Temp\xmosofzhq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xmosofzhq.exe"
        161⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\pmypnrez.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pmypnrez.exe"
        160⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\udochcm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\udochcm.exe"
        159⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\mcyzwebldqz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mcyzwebldqz.exe"
        158⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\jjuqyorgg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jjuqyorgg.exe"
        157⤵
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\Temp\lidnoqg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lidnoqg.exe"
        156⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\gptaibn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gptaibn.exe"
        155⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\dwzraldmut.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dwzraldmut.exe"
        154⤵
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\idpeuwlwu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\idpeuwlwu.exe"
        153⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\aczbtxay.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aczbtxay.exe"
        152⤵
        
        PID:4224
        
        C:\Users\Admin\AppData\Local\Temp\fjfonsi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fjfonsi.exe"
        151⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\cqlegsydim.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cqlegsydim.exe"
        150⤵
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\xxbbadqnia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xxbbadqnia.exe"
        149⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\zglyzpvp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zglyzpvp.exe"
        148⤵
        
        PID:5012
        
        C:\Users\Admin\AppData\Local\Temp\wdhprpvzwfo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wdhprpvzwfo.exe"
        147⤵
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\ruwcladuwup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ruwcladuwup.exe"
        146⤵
        
        PID:4900
        
        C:\Users\Admin\AppData\Local\Temp\ttgzamhly.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ttgzamhly.exe"
        145⤵
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\Temp\oawmuxpgi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\oawmuxpgi.exe"
        144⤵
        
        PID:4788
        
        C:\Users\Admin\AppData\Local\Temp\qagjuje.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qagjuje.exe"
        143⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\tzqgjkjzlcd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tzqgjkjzlcd.exe"
        142⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\fgwxlkjkn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fgwxlkjkn.exe"
        141⤵
        
        PID:4612
        
        C:\Users\Admin\AppData\Local\Temp\knckffre.exe
        
        "C:\Users\Admin\AppData\Local\Temp\knckffre.exe"
        140⤵
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\htiaxghyadi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\htiaxghyadi.exe"
        139⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\caynrrpjasz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\caynrrpjasz.exe"
        138⤵
        
        PID:4452
        
        C:\Users\Admin\AppData\Local\Temp\ekikhcekb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ekikhcekb.exe"
        137⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\jrnhbnlv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jrnhbnlv.exe"
        136⤵
        
        PID:4344
        
        C:\Users\Admin\AppData\Local\Temp\wntydnb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wntydnb.exe"
        135⤵
        
        PID:4300
        
        C:\Users\Admin\AppData\Local\Temp\yxdlszqhpi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\yxdlszqhpi.exe"
        134⤵
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\tetimkybzw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tetimkybzw.exe"
        133⤵
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\wddvlmntb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wddvlmntb.exe"
        132⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\skzmewdndbs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\skzmewdndbs.exe"
        131⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\nrpjyhlyeqt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nrpjyhlyeqt.exe"
        130⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\psndhlm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\psndhlm.exe"
        129⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\nhzqgfml.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nhzqgfml.exe"
        128⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\mlawdpfyczu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mlawdpfyczu.exe"
        127⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\pukttauqdu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pukttauqdu.exe"
        126⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\eywkqknde.exe
        
        "C:\Users\Admin\AppData\Local\Temp\eywkqknde.exe"
        125⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\jpcxkvvn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jpcxkvvn.exe"
        124⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\gmincflihpq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gmincflihpq.exe"
        123⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\bdyawqtcror.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bdyawqtcror.exe"
        122⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\yzuryqtwu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\yzuryqtwu.exe"
        121⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\dgkotlbg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dgkotlbg.exe"
        120⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\vqulimg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vqulimg.exe"
        119⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\axkycxnsfws.exe
        
        "C:\Users\Admin\AppData\Local\Temp\axkycxnsfws.exe"
        118⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\xdgpuhnni.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xdgpuhnni.exe"
        117⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\skvcosvxi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\skvcosvxi.exe"
        116⤵
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\phbsqsl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\phbsqsl.exe"
        115⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\uyhpkntmvmn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\uyhpkntmvmn.exe"
        114⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\pfxcfylwvbo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pfxcfylwvbo.exe"
        113⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\mldtxybqx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mldtxybqx.exe"
        112⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\rsjgrtjk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rsjgrtjk.exe"
        111⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\jstdqvy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jstdqvy.exe"
        110⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\igftdfrpkr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\igftdfrpkr.exe"
        109⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\onlghzzzug.exe
        
        "C:\Users\Admin\AppData\Local\Temp\onlghzzzug.exe"
        108⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\atrxaaou.exe
        
        "C:\Users\Admin\AppData\Local\Temp\atrxaaou.exe"
        107⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\ctbupbdmylu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ctbupbdmylu.exe"
        106⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\iaqhjwlgyav.exe
        
        "C:\Users\Admin\AppData\Local\Temp\iaqhjwlgyav.exe"
        105⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\ugmylwbab.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ugmylwbab.exe"
        104⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\cvilarmnk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\cvilarmnk.exe"
        103⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\eusizcr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\eusizcr.exe"
        102⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\uiuywmk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\uiuywmk.exe"
        101⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\rpappmkmpm.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rpappmkmpm.exe"
        100⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\zdmseglyye.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zdmseglyye.exe"
        99⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\yhoibzel.exe
        
        "C:\Users\Admin\AppData\Local\Temp\yhoibzel.exe"
        98⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\rryfabsd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rryfabsd.exe"
        97⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\nnewsbixdf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nnewsbixdf.exe"
        96⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\vcqjrftkmx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vcqjrftkmx.exe"
        95⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\iiwajfjup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\iiwajfjup.exe"
        94⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\iwyghoch.exe
        
        "C:\Users\Admin\AppData\Local\Temp\iwyghoch.exe"
        93⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\qljtgjnu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qljtgjnu.exe"
        92⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\fzvkdcg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fzvkdcg.exe"
        91⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\frzhnusgdz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\frzhnusgdz.exe"
        90⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\efbxkelt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\efbxkelt.exe"
        89⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\zmrkeztn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zmrkeztn.exe"
        88⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\ethxykb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ethxykb.exe"
        87⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\bzdobkbrrs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bzdobkbrrs.exe"
        86⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\wgtlvfimrh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wgtlvfimrh.exe"
        85⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\wuvrsobys.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wuvrsobys.exe"
        84⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\vyhifxu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vyhifxu.exe"
        83⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\afnvzicvepc.exe
        
        "C:\Users\Admin\AppData\Local\Temp\afnvzicvepc.exe"
        82⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\tpwsyuhxfaw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tpwsyuhxfaw.exe"
        81⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\plcjruhi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\plcjruhi.exe"
        80⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\ucsglpp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ucsglpp.exe"
        79⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\pjytfax.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pjytfax.exe"
        78⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\sjiqeccottn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\sjiqeccottn.exe"
        77⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\epogwmciw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\epogwmciw.exe"
        76⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\jwetqxjt.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jwetqxjt.exe"
        75⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\gdakixznjkr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gdakixznjkr.exe"
        74⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\yckhijofkw.exe
        
        "C:\Users\Admin\AppData\Local\Temp\yckhijofkw.exe"
        73⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\djaucuwzu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\djaucuwzu.exe"
        72⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\gjjrrvbr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gjjrrvbr.exe"
        71⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\vlxolynqypo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\vlxolynqypo.exe"
        70⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\xkhlkacia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xkhlkacia.exe"
        69⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\pkrialhk.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pkrialhk.exe"
        68⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\xydvzgsx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\xydvzgsx.exe"
        67⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\ziniohgplau.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ziniohgplau.exe"
        66⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\pabpiksoyj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\pabpiksoyj.exe"
        65⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\uhhccvayy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\uhhccvayy.exe"
        64⤵
        Executes dropped EXE
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\gnntuvq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gnntuvq.exe"
        63⤵
        Executes dropped EXE
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\mucgpqy.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mucgpqy.exe"
        62⤵
        Executes dropped EXE
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\oumdosnfmb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\oumdosnfmb.exe"
        61⤵
        Executes dropped EXE
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\nioubbgs.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nioubbgs.exe"
        60⤵
        Executes dropped EXE
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\fhyhanl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fhyhanl.exe"
        59⤵
        Executes dropped EXE
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\fvaxxwewawj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fvaxxwewawj.exe"
        58⤵
        Executes dropped EXE
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\kcqkrhlqau.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kcqkrhlqau.exe"
        57⤵
        Executes dropped EXE
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\aqsboaedbh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\aqsboaedbh.exe"
        56⤵
        Executes dropped EXE
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\zigyjtq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zigyjtq.exe"
        55⤵
        Executes dropped EXE
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\hxslynb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hxslynb.exe"
        54⤵
        Executes dropped EXE
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\udybaxrkpag.exe
        
        "C:\Users\Admin\AppData\Local\Temp\udybaxrkpag.exe"
        53⤵
        Executes dropped EXE
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\wdiypzgbr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wdiypzgbr.exe"
        52⤵
        Executes dropped EXE
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\rkxljkowr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\rkxljkowr.exe"
        51⤵
        Executes dropped EXE
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\oqtcbue.exe
        
        "C:\Users\Admin\AppData\Local\Temp\oqtcbue.exe"
        50⤵
        Executes dropped EXE
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\txjzwfmaeth.exe
        
        "C:\Users\Admin\AppData\Local\Temp\txjzwfmaeth.exe"
        49⤵
        Executes dropped EXE
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\lhtmvgbsff.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lhtmvgbsff.exe"
        48⤵
        Executes dropped EXE
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\qojjpbimp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qojjpbimp.exe"
        47⤵
        Executes dropped EXE
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\nkfahci.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nkfahci.exe"
        46⤵
        Executes dropped EXE
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\ibvnbnq.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ibvnbnq.exe"
        45⤵
        Executes dropped EXE
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\fybdtxgluv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fybdtxgluv.exe"
        44⤵
        Executes dropped EXE
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\hhlatyvd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hhlatyvd.exe"
        43⤵
        Executes dropped EXE
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\zhvxika.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zhvxika.exe"
        42⤵
        Executes dropped EXE
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\hvgkhel.exe
        
        "C:\Users\Admin\AppData\Local\Temp\hvgkhel.exe"
        41⤵
        Executes dropped EXE
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\jvqxwgqjrg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jvqxwgqjrg.exe"
        40⤵
        Executes dropped EXE
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\wbwoygquu.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wbwoygquu.exe"
        39⤵
        Executes dropped EXE
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\biclsbyo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\biclsbyo.exe"
        38⤵
        Executes dropped EXE
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\ypiclbnjxhn.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ypiclbnjxhn.exe"
        37⤵
        Executes dropped EXE
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\twypfmvthwo.exe
        
        "C:\Users\Admin\AppData\Local\Temp\twypfmvthwo.exe"
        36⤵
        Executes dropped EXE
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\ydobzhdnhl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ydobzhdnhl.exe"
        35⤵
        Executes dropped EXE
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\amyzojsf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\amyzojsf.exe"
        34⤵
        Executes dropped EXE
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\njupqji.exe
        
        "C:\Users\Admin\AppData\Local\Temp\njupqji.exe"
        33⤵
        Executes dropped EXE
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\psemfvxrwb.exe
        
        "C:\Users\Admin\AppData\Local\Temp\psemfvxrwb.exe"
        32⤵
        Executes dropped EXE
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\kzuzzgflwa.exe
        
        "C:\Users\Admin\AppData\Local\Temp\kzuzzgflwa.exe"
        31⤵
        Executes dropped EXE
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\mzdwzrud.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mzdwzrud.exe"
        30⤵
        Executes dropped EXE
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\jfjnrrkyavh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jfjnrrkyavh.exe"
        29⤵
        Executes dropped EXE
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\gixqdvnxkj.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gixqdvnxkj.exe"
        28⤵
        Executes dropped EXE
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\dedhffdh.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dedhffdh.exe"
        27⤵
        Executes dropped EXE
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\iltuzql.exe
        
        "C:\Users\Admin\AppData\Local\Temp\iltuzql.exe"
        26⤵
        Executes dropped EXE
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\ynxrusxbake.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ynxrusxbake.exe"
        25⤵
        Executes dropped EXE
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\dunoodfvaz.exe
        
        "C:\Users\Admin\AppData\Local\Temp\dunoodfvaz.exe"
        24⤵
        Executes dropped EXE
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\ybtbionfao.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ybtbionfao.exe"
        23⤵
        Executes dropped EXE
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\zppfujvunww.exe
        
        "C:\Users\Admin\AppData\Local\Temp\zppfujvunww.exe"
        22⤵
        Executes dropped EXE
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\soycjlamohf.exe
        
        "C:\Users\Admin\AppData\Local\Temp\soycjlamohf.exe"
        21⤵
        Executes dropped EXE
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\uyizjxoez.exe
        
        "C:\Users\Admin\AppData\Local\Temp\uyizjxoez.exe"
        20⤵
        Executes dropped EXE
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\mbucvim.exe
        
        "C:\Users\Admin\AppData\Local\Temp\mbucvim.exe"
        19⤵
        Executes dropped EXE
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\olezuubkdx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\olezuubkdx.exe"
        18⤵
        Executes dropped EXE
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\qwmgmmnpd.exe
        
        "C:\Users\Admin\AppData\Local\Temp\qwmgmmnpd.exe"
        17⤵
        Executes dropped EXE
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\gyadgfzp.exe
        
        "C:\Users\Admin\AppData\Local\Temp\gyadgfzp.exe"
        16⤵
        Executes dropped EXE
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\ktshyjawsg.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ktshyjawsg.exe"
        15⤵
        Executes dropped EXE
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\alwoscmve.exe
        
        "C:\Users\Admin\AppData\Local\Temp\alwoscmve.exe"
        14⤵
        Executes dropped EXE
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\fslbmxug.exe
        
        "C:\Users\Admin\AppData\Local\Temp\fslbmxug.exe"
        13⤵
        Executes dropped EXE
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\wgxeyibuhv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wgxeyibuhv.exe"
        12⤵
        Executes dropped EXE
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\bbpiqmcr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\bbpiqmcr.exe"
        11⤵
        Executes dropped EXE
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\wiffkxkl.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wiffkxkl.exe"
        10⤵
        Executes dropped EXE
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\wajcezwlfew.exe
        
        "C:\Users\Admin\AppData\Local\Temp\wajcezwlfew.exe"
        9⤵
        Executes dropped EXE
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\lcxzysiki.exe
        
        "C:\Users\Admin\AppData\Local\Temp\lcxzysiki.exe"
        8⤵
        Executes dropped EXE
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\nbhwnex.exe
        
        "C:\Users\Admin\AppData\Local\Temp\nbhwnex.exe"
        7⤵
        Executes dropped EXE
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\leuqkhr.exe
        
        "C:\Users\Admin\AppData\Local\Temp\leuqkhr.exe"
        6⤵
        Executes dropped EXE
        
        PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\ndenzjftvi.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ndenzjftvi.exe"
        5⤵
        Executes dropped EXE
        
        PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\fdokovkvw.exe
      "C:\Users\Admin\AppData\Local\Temp\fdokovkvw.exe"
      4⤵
      Executes dropped EXE
      PID:2820
- - C:\Users\Admin\AppData\Local\Temp\ejexfgpikz.exe
    "C:\Users\Admin\AppData\Local\Temp\ejexfgpikz.exe"
    3⤵
    - Adds policy Run key to start application
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Modifies WinLogon
    - Drops file in System32 directory
    PID:2956
  - - C:\Windows\SysWOW64\wnsydrv.exe
      "C:\Windows\System32\wnsydrv.exe" a
      4⤵
      Executes dropped EXE
      PID:992
- C:\Users\Admin\AppData\Local\Temp\blcrckthk.exe
  "C:\Users\Admin\AppData\Local\Temp\blcrckthk.exe"
  2⤵
  - Adds policy Run key to start application
  - Executes dropped EXE
  - Adds Run key to start application
  - Modifies WinLogon
  - Drops file in System32 directory
  PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\blcrckthk.exe

Filesize
60KB

MD5
743168306f259da59e4d14e3bb2f357b

SHA1
c8e7c10bcde3c0da8531e1f895cfef34866fe4e4

SHA256
364f281d623cc1594dda68407faba1cc68c70b56275c365b1660f3b2d0586845

SHA512
42c31f768d739a88010c7bbe9a197ad1316ea80164a45597e92914f55b5bb4c5093f4e107448b476e63d87062e88bd5e175fc4d8c2129132e3b2073934226d16

Download Submit
memory/2164-9838-0x00000000777D0000-0x00000000778CA000-memory.dmp

Filesize
1000KB

Download
memory/2164-9837-0x00000000776B0000-0x00000000777CF000-memory.dmp

Filesize
1.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads